Apache – listen on a different port with SELINUX enabled (Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:82)

SELinux assigns types to all network ports on a system. Ports below 1024 are labeled reserved_port_t and all ports > 1024 are labeled port_

semanage port -l | grep http

(Run yum install policycoreutils-python if you’re missing the binary.)

http_cache_port_t              tcp      3128, 8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989

http_port_t is assigned to ports 80, 443, 488, 8008, 8009 and 8443.

The policy contains the rule: allow httpd_t http_port_t:tcp_socket name_bind;

This means the Apache process, which runs in the httpd_t domain, can “bind” to a port that is labeled http_port_t.

To allow apache to listen on a different port (e.g. 82) execute:

semanage port -a -t http_port_t -p tcp 82

and then restart Apache:

service httpd restart
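As an added example (not part of the original post), the shell functions below parse semanage port -l output, including ranges such as 10001-10010, and report whether a port carries the http_port_t label that the name_bind rule requires. The function names are hypothetical, and the listing is a constructed sample copied from the output above so the script runs without SELinux tools; on a real host, pipe semanage port -l into httpd_can_bind instead.

```shell
#!/bin/sh
# Constructed sample: the `semanage port -l | grep http` output shown above.
SAMPLE_PORTS='http_cache_port_t              tcp      3128, 8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989'

# port_types PROTO PORT (hypothetical helper): read `semanage port -l` output
# on stdin and print every port type whose list (single ports or lo-hi
# ranges) covers PORT for the given protocol.
port_types() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                entry = $i
                sub(/,$/, "", entry)              # drop the list separator
                n = split(entry, r, "-")          # "10001-10010" -> lo, hi
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# httpd_can_bind PORT (hypothetical helper): succeed only if the listing on
# stdin labels tcp/PORT as http_port_t.
httpd_can_bind() {
    port_types tcp "$1" | grep -qx 'http_port_t'
}

# check_listen_port PORT: print a verdict for PORT against the sample listing.
check_listen_port() {
    if printf '%s\n' "$SAMPLE_PORTS" | httpd_can_bind "$1"; then
        echo "tcp/$1: labeled http_port_t, httpd_t may bind"
    else
        echo "tcp/$1: not labeled http_port_t, expect (13)Permission denied"
        echo "  fix: semanage port -a -t http_port_t -p tcp $1"
    fi
}

check_listen_port 8443
check_listen_port 82
```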

sestatus – shows SELinux status
